GB/T 38635.1-2020 English PDFUS$779.00 · In stock
Delivery: <= 6 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 38635.1-2020: Information security technology - Identity-based cryptographic algorithms SM9 - Part 1: General Status: Valid
Basic dataStandard ID: GB/T 38635.1-2020 (GB/T38635.1-2020)Description (Translated English): Information security technology - Identity-based cryptographic algorithms SM9 - Part 1: General Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.040 Word Count Estimation: 42,427 Date of Issue: 2020-04-28 Date of Implementation: 2020-11-01 Quoted Standard: GB/T 32905; GB/T 32907 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration Summary: This standard specifies the necessary basic mathematical knowledge, cryptographic techniques and specific parameters involved in the SM9 identification cryptographic algorithm. This standard applies to the implementation and application of SM9 identification passwords. GB/T 38635.1-2020: Information security technology - Identity-based cryptographic algorithms SM9 - Part 1: General---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology--Identity-based cryptographic algorithms SM9--Part 1.General ICS 35.040 L80 National Standards of People's Republic of China Information security technology SM9 logo password algorithm Part 1.General 2020-04-28 release 2020-11-01 implementation State Administration of Market Supervision and Administration Issued by the National Standardization Management Committee ContentsForeword Ⅲ Introduction IV 1 Scope 1 2 Normative references 1 3 Terms and definitions 1 4 Symbol 1 5 Finite fields and elliptic curves 3 5.1 Finite Field 3 5.2 Elliptic curves over finite fields 4 5.3 Elliptic curve group 4 5.4 Elliptic curve multiple point operation 5 5.5 Verification of points on elliptic curve subgroups 5 5.6 Discrete logarithm problem 5 6 Bilinear pair and safety curve 5 6.1 Bilinear pair 5 6.2 Security 6 6.3 Embedding times and safety curve 6 7 Data types and their conversion 6 7.1 Data type 6 7.2 Data type conversion 7 8 System parameters and their verification 10 8.1 System parameters 10 8.2 Verification of system parameters 11 Appendix A (Normative Appendix) Parameter Definition 12 Appendix B (informative appendix) background knowledge about elliptic curves 14 Appendix C (Informative) Calculation of Bilinear Pairs on Elliptic Curves 21 Appendix D (Informative Appendix) Number Theory Algorithm 28 References 33ForewordGB/T 38635 "Information Security Technology SM9 Logo Password Algorithm" is divided into two parts. ---Part 1.General Provisions; ---Part 2.Algorithms. This part is Part 1 of GB/T 38635. This section was drafted in accordance with the rules given in GB/T 1.1-2009. Please note that some content of this document may involve patents. The issuer of this document does not assume responsibility for identifying these patents. This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260). This section was drafted by. National Information Security Engineering Technology Research Center, Beijing Guomai Xinan Technology Co., Ltd., Shenzhen Aolian Information Security All-Tech Co., Ltd., Institute of Software, Chinese Academy of Sciences, Wuhan University, Institute of Information Engineering, Chinese Academy of Sciences. The main drafters of this section. Chen Xiao, Cheng Zhaohui, Zhang Zhenfeng, Ye Dingfeng, Hu Lei, Chen Jianhua, Ji Qingguang, Yuan Wengong, Liu Ping, Ma Ning, Yuan Feng, Li Zengxin, Wang Xuejin, Yang Hengliang, Zhang Qingpo, Ma Yanli, Pu Yusan, Tang Ying, Sun Yisheng, An Xuan, Feng Weiduan, Zhang Liyuan.IntroductionA. Shamir proposed the concept of identity-based cryptography in 1984. The user's private key is calculated by the key generation center (KGC) based on the master key and the user ID, and the user's public key is uniquely determined by the user ID. The identity manager shall ensure the authenticity of the identity. Compared with the certificate-based public key cryptosystem, the key management link in the identification cryptosystem Can be simplified appropriately. In.1999, K. Ohgishi, R. Sakai and M. Kasahara proposed the use of elliptic curve pairing to construct logo-based Key sharing scheme; in.2001, D. Boneh and M. Franklin, as well as R. Sakai, K. Ohgishi and M. Kasahara independently proposed An elliptic curve pair construction identification public key encryption algorithm is presented. These works have triggered new developments in logo ciphers, and a number of The identification cryptographic algorithm implemented by wire pair includes digital signature algorithm, key exchange protocol, key encapsulation mechanism and public key encryption algorithm. The pair of elliptic curves has a bilinear property. It establishes a connection between the cyclic subgroup of the elliptic curve and the multiplicative cyclic subgroup of the extended domain. Became the problems of bilinear DH, bilinear inverse DH, decisive bilinear inverse DH, τ-bilinear inverse DH and τ-Gap-bilinear inverse DH, etc., When the elliptic curve discrete logarithm problem and the extended domain discrete logarithm problem are difficult to solve, the safety and real An identification password that takes into account both efficiency and efficiency. Information security technology SM9 logo password algorithm Part 1.General1 ScopeThis part of GB/T 38635 specifies the necessary relevant mathematical basic knowledge, cryptography and specific parameter. This section applies to the realization and application of SM9 logo passwords.2 Normative referencesThe following documents are essential for the application of this document. For dated references, only the dated version applies to this article Pieces. For the cited documents without date, the latest version (including all amendments) applies to this document. GB/T 32905 information security technology SM3 password hash algorithm GB/T 32907 Information Security Technology SM4 Block Cipher Algorithm3 Terms and definitionsThe following terms and definitions apply to this document. 3.1 Identity Consists of information that the entity cannot deny, such as the entity's identifiable name, email address, ID number, phone number, street address, etc. Uniquely determine the identity of an entity. 3.2 Master key The key at the top of the hierarchy of identifying cryptographic keys, including the master private key and the master public key, where the master public key is public and the master private key is made by KGC Keep it secret. KGC uses the master private key and the user's logo to generate the user's private key. In the identification password, the master private key is generally passed by KGC through The number generator generates the master public key from the master private key combined with system parameters. 3.3 Key generation center; KGC In SM9 identification password, it is responsible for selecting the system parameters, generating the master key and generating the user's private key. 3.4 SM3 algorithm A hashing algorithm defined by GB/T 32905. 3.5 SM4 algorithm A block encryption algorithm defined by GB/T 32907.4 SymbolThe following symbols apply to this document. cf. Cofactor of elliptic curve order relative to N. cid. a curve identifier represented by a byte to distinguish the type of curve used. deg(f). Degree of polynomial f(x). Two factors of d1, d2.k. E. Elliptic curve defined in the finite field. ECDLP. Elliptic curve discrete logarithm problem. E(Fq). the set of all rational points (including the infinity point O) of the elliptic curve E on the finite field Fq. E(Fq)[r]. The set of r-twist points on E(Fq) [that is, the r-th twisted subgroup on curve E(Fq)]. e. Bilinear pair from G1×G2 to GT. eid. the identifier of the bilinear pair e represented by one byte, used to distinguish the type of bilinear pair used. FDLP. Discrete logarithm problem on finite field. Fp. prime field containing p elements. Fq. a finite field containing q elements. F*q. Multiplication group composed of all non-zero elements in Fq. Fqm. m-th spread field of finite field Fq. GT. Multiplicative cyclic group of order N. G1.Additive cyclic group of order N. G2.Additive cyclic group of order N. gcd(x,y). the greatest common factor of x and y. k. embedding number of curve E(Fq) relative to N, where N is modn. Modulo n operation. Example. 23mod7=2. N. the order of cyclic groups G1, G2 and GT, which is a prime number greater than 2191. O. A special point on the elliptic curve, called the infinity or zero point, is the unit element of the elliptic curve addition group. P.P=(xP,yP) is a point on the elliptic curve except O, and its coordinates xP,yP satisfy the elliptic curve equation. P1.The generator of G1. P2.The generator of G2. PQ. The sum of two points P and Q on the elliptic curve E. p. prime number greater than 2191. q. the number of elements in the finite field Fq. xP. The x coordinate of point P. x‖y. The concatenation of x and y, where x and y are bit strings or byte strings. x ºy (modq). x is congruent with y mod q. That is, xmodq=ymodq. yP. The y coordinate of point P. β. Twisted line parameters. y. homomorphic mapping from G2 to G1, satisfying P1=y(P2). ⊕. Two bit strings of equal length are added according to the modulo 2 of the bit.5 Finite fields and elliptic curves5.1 Finite fields 5.1.1 Overview The domain consists of a non-empty set F and two operations, which are addition (denoted by "") and multiplication (denoted by "·") Indicates), and meets the following arithmetic characteristics. a) (F,) For the addition operation to form an addition commutative group, the unit element is represented by 0; b) (F\\{0},·) For the multiplication operation to form a multiplication swap group, the unit element is represented by 1; c) The distribution law holds. for all a, b, c ∈ F, there are (ab)·c=a·cb·c. If the set F is a finite set, the domain is called a finite field. The number of elements in a finite field is called the order of the finite field. 5.1.2 Prime field Fp The finite field whose order is prime is the prime field. Let p be a prime number, then the set of all remainders of integer modulus p {0,1,2,..,p-1} about the addition and multiplication of modulus p constitute A p-order prime field, represented by the symbol Fp. Fp has the following properties. a) The unit of addition is 0; b) The multiplication unit is 1; c) The addition of domain elements is the modulo p addition of integers, that is, if a, b ∈ Fp, then ab = (ab) modp; d) The multiplication of domain elements is a modular p multiplication of integers, ie if a, b ∈ Fp, then a·b=(a·b) modp. 5.1.3 The expansion field Fqm of finite field Fq Let q be a prime or prime power, and f(x) be an irreducible polynomial of degree m(m >1) on the polynomial ring Fq[x] Polynomial or domain polynomial), the quotient ring Fq[x]/(f(x)) is a finite field with qm elements (denoted as Fqm), and Fqm is called a finite field Fq Expanded domain, domain Fq is a subdomain of domain Fqm, and m is the number of expansions. Fqm can be regarded as an m-dimensional vector space on Fq. Every element of Fqm can be In the form uniquely written as a0β0 a1β1 am -1βm-1, where ai ∈ Fq, and β0, β1,..., Βm-1 is the vector space Fqm in Fq On a set of bases. The elements in Fqm can be represented by polynomial or normal basis. In this section, unless otherwise specified, the elements in Fqm are used Polynomial basis representation. The irreducible polynomial f(x) can be taken as the first polynomial f(x) = xm fm -1xm -1 f2x2 f1x f0 (where fi ∈Fq,i=0,1,..,m-1), the elements in Fqm are composed of all polynomials with degree lower than m in the polynomial ring Fq[x]. Polynomial set The combination {xm-1,xm-2,..,x,1} is a set of bases of Fqm on Fq, called polynomial bases. Any element on the field Fqm a(x) = The coefficients of am-1xm-1 am-2xm-2 a1x a0 on Fq just constitute an m-dimensional vector, using a=(am-1,am-2,... a1, a0) means that the component ai ∈ Fq, i=0, 1,.., m-1. Fqm has the following properties. a) Zero element 0 is represented by m-dimensional vector (0,..,0,0); b) The multiplicative unit cell 1 is represented by an m-dimensional vector (0,.., 0, 1); c) The addition of two domain elements is a vector addition, and each component is added by the domain Fq; d) The multiplication of domain elements a and b is defined as follows. suppose the polynomials on Fq corresponding to a and b are a(x) and b(x), then ab is defined as The vector corresponding to the polynomial (a(x)b(x)) modf(x); e) Inverse element. Let the polynomial on Fq corresponding to a be a(x), and the polynomial on Fq corresponding to inverse element a-1 of a be a-1(x), then there is a (x)·a-1(x)≡1modf(x). This section uses the 12-time spread field on Fq. See Appendix A. For more details on the extended field Fqm of finite fields, see B.1 in Appendix B. 5.2 Elliptic curves over finite fields The elliptic curve on the finite field Fqm (m≥1) is a set of points. In the affine coordinate system, the point P (non-infinite) on the elliptic curve Far point) is represented by two domain elements xP and yP that satisfy a certain equation, xP and yP are called the x coordinate and y coordinate of point P, respectively, and remember P = (xP, yP). This section describes the curve on the domain characterized by large prime numbers p. Unless otherwise specified in this section, the points on the elliptic curve are expressed in affine coordinates. See equation (1) for the elliptic curve equation defined on Fpm. y2=x3 ax b,a,b∈Fpm, and 4a3 27b2≠0 (1) The elliptic curve E (Fpm) is defined as. E(Fpm)={(x,y)|x,y∈Fpm, and satisfy the formula (1)}∪{O}, where O is the point at infinity. The number of points on the elliptic curve E(Fpm) is used 5.4 Calculation of multiple points of elliptic curve The repeated addition of the same point on an elliptic curve is called the multiplication of that point. Let u be a positive integer and P be on the elliptic curve Point, its u times point Multi-point operation can be extended to 0-time operation and negative-time operation. [0]P=O,[-u]P=[u](-P) Multi-point operation can be effectively achieved through some techniques, see B.2. 5.5 Verification of points on elliptic curve subgroups Input. Define the parameters a and b of the elliptic curve equation on Fqm (q is odd prime, m≥1), and the order of subgroup G on the elliptic curve E(Fqm) A pair of elements (x, y) on N, Fqm. Output. If (x, y) is an element in group G, output "valid"; otherwise output "invalid". The calculation steps are. a) On Fqm, verify that (x, y) satisfies the elliptic curve equation y2=x3 ax b; b) Let Q=(x,y) and verify [N]Q=O. If any of the above verification fails, it outputs "invalid"; otherwise, it outputs "valid". 5.6 Discrete logarithm problem 5.6.1 Discrete logarithm problem over finite fields (FDLP) All non-zero elements of the finite field Fqm (q is odd prime, m ≥ 1) form a multiplicative cyclic group, denoted as F ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 38635.1-2020_English be delivered?Answer: Upon your order, we will start to translate GB/T 38635.1-2020_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 6 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 38635.1-2020_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 38635.1-2020_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
